package com.kingwang.study.spring.security.demo.exception.handler;

import com.kingwang.study.spring.security.demo.util.HttpServletUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@RestControllerAdvice(basePackages = {"com.kingwang.study.spring.security.demo.controller"})
public class GlobalExceptionHandler {
    @ExceptionHandler(AccessDeniedException.class)
    public void handleAccessDeniedException(HttpServletResponse response, AccessDeniedException e) throws IOException {
        // 用户权限不足返回HTTP 403
        HttpServletUtils.sendHttpStatusResponse(response, HttpStatus.FORBIDDEN);
    }
}
